328 matches found
Exploit for Command Injection in Php
PHP CGI Argument Injection CVE-2012-1823 !PHPhttps://im...
Western Digital My Cloud Multiple Products 5.x < 5.26.300 Multiple Vulnerabilities (WDC-23010)
Multiple Western Digital My Cloud products are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: ruby:2.7 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 2.7. BZ2189465 Security Fixes: ruby/cgi-gem: HTTP response splitting i...
CVE-2023-28703
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate...
CVE-2023-28703
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate...
The vulnerability of the CGI component of the Synology Router Manager operating system, allowing a hacker to execute arbitrary code
The vulnerability of the CGI component of the Synology Router Manager operating system, which is used to manage network devices, relates to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
PT-2023-2773 · Synology · Synology Router Manager
Name of the Vulnerable Software and Affected Versions: Synology Router Manager versions prior to 1.2.5-8227-6 Synology Router Manager versions prior to 1.3.1-9346-3 Description: The issue is related to an OS command injection vulnerability in the CGI component of Synology Router Manager. This...
CVE-2023-22913
A post-authentication command injection vulnerability in the “accountoperator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data,...
SUSE CVE-2012-2336
sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing command-line options...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Directory Traversal / File Write
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Directory Traversal File Write Exploit Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco...
Zyxel USG/ZyWALL 跨站脚本漏洞
Zyxel USG/ZyWALL is a firewall from China Heqin Zyxel. A security vulnerability exists in Zyxel USG/ZyWALL versions prior to V4.73, VPN versions prior to V5.32, USG FLEX versions prior to V5.32, and ATP versions prior to V5.32, which stems from a Cross-Site Scripting XSS vulnerability in a CGI...
CVE-2022-41525
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi...
TOTOLINK T6 操作系统命令注入漏洞
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability that stems from the sub421AA0 function in cstecgi.cgi failing to properly filter construct command...
CVE-2022-38400
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL...
PT-2022-24408 · Unknown · Mailform Pro Cgi
Name of the Vulnerable Software and Affected Versions: Mailform Pro CGI versions 4.3.1 and earlier Description: The issue allows a remote unauthenticated attacker to obtain user input data by accessing a specially crafted URL. Recommendations: For Mailform Pro CGI versions 4.3.1 and earlier, at t...
Zyxel USG/ZyWALL 跨站脚本漏洞
Zyxel USG/ZyWALL is a firewall from China's Heqin Technology Zyxel. A cross-site scripting vulnerability exists in the CGI program in Zyxel USG/ZyWALL versions 4.35-4.70, USG FLEX 4.50-5.20, ATP 4.35-5.20, and VPN 4.35-5.20, which stems from the presence of an input validation error, and can be...
GHSA-V646-RX6W-R3QQ Improper Access Control in Apache Tomcat
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
CVE-2022-30525
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1,...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1437)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-4029
A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface...